This Metasploit module exploits a stack overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast address. The ISS exception handler will recover the process after each overflow, giving us the ability to bruteforce the service and exploit it multiple times.
d67c5051b25bd521627ed2f0b421e431d2c7a7bc79507cd2dd85cb4525447b2a
This Metasploit module exploits a buffer overflow in the header parsing of icecast, discovered by Luigi Auriemma. Sending 32 HTTP headers will cause a write one past the end of a pointer array.
f52566cdec54b398c8bf936c7c78edca800747f33139bbed5058021572328958
This Metasploit module exploits a buffer overflow in the 'DELETE' command of the IMail IMAP4D service. This vulnerability can only be exploited with a valid username and password. This flaw was patched in version 8.14.
45c28e289d7ca094f36d717ca5ca385e07a8e3e5009cc9c204983f07644fceb0
This Metasploit module exploits a stack overflow in the RPCSS service. This vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
6b1062b85247570ddb5362e034cb6be3d1be2f14dd236970e3ab1f279909588d
This is an exploit for the Serv-U MDTM command timezone overflow. It has been heavily tested against versions 4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against nt4/2k/xp/2k3. I have also had success against version 3, but only tested 1 version/os. The bug is in all versions prior to 5.0.0.4, but this exploit will not work against versions not listed above. You only get one shot, but it should be OS/SP independent. This exploit is a single hit; the service dies after the shellcode finishes execution.
1c3b43752311b6b529c56a7854e3eb5c43f864c5807deb857ed7f03bb39f179f
This is a Metasploit exploit for the Subversion date parsing overflow. This exploit is for the svnserve daemon (svn:// protocol) and will not work for Subversion over WebDAV (http[s]://). This exploit should never crash the daemon, and should be safe to do multi-hits.
c81084cf41376c203360dc2c4fd7badff87c3c33602d948682a6905bafe517a2
This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409.
2ac91eabba3f6978d3496332fe3a3b556afc0dd62339633aa241ff0f48843290